<?php
// Database connection settings used by the queries in this script.
// NOTE(review): these are live credentials committed in a web-served source file.
// Anyone who can read the repository, a backup, or a server that ever returns .php
// as plain text obtains the database login. Load them from configuration kept
// outside the web root (or from the environment) and rotate this password, since
// it has already been exposed in source.
$host = "mysql-user.cse.msu.edu";
$username = "hewittry";
$password = "A39777266";
$db_name = "hewittry";
$tbl_name = "AllUsers";

// Open the connection and pick the schema; stop with a generic message on failure
// so no driver error text is shown to the client.
if (!mysql_connect($host, $username, $password)) {
	die("cannot connect");
}
if (!mysql_select_db($db_name)) {
	die("cannot select DB");
}

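session_start();

// Account-update handler: verifies the caller's current password, then applies the
// submitted profile changes for the logged-in user and redirects to manageAccount.php.
//
// Changes relative to the previous version:
//  - every value placed in SQL is escaped (several POST fields and the session user
//    name were interpolated raw, which allowed SQL injection);
//  - the old-password check is strict and requires a real row (the loose `==` let an
//    empty/missing oldPword match a missing row, and treated numeric-looking strings
//    such as "1e3" and "1000" as equal);
//  - the second session_start() call is gone and the redirect is followed by exit.
//
// NOTE(review): escaping is used because this file is on the legacy mysql_* API, which
// was removed in PHP 7.0. Prepared statements (PDO or mysqli) are the preferred fix
// once the file is migrated.

// Identity comes from the session only; an empty value means nobody is logged in.
$usrName = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
$usrType = isset($_SESSION['usertype']) ? (string) $_SESSION['usertype'] : '';

// Read each expected form field as a plain string. Missing fields become '' (the
// same value the old code ended up writing), and array-valued parameters such as
// newEmail[]=x are rejected instead of being stringified.
$form = array();
$expectedFields = array(
	'oldPword', 'newPword', 'newEmail', 'newTelephone', 'newCity', 'newState',
	'newCoName', 'newStreetNum', 'newStreetName', 'newZipcode', 'newURL',
	'description', 'newName',
);
foreach ($expectedFields as $field) {
	$form[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// The session value is escaped too: it originated from user input at login time.
$usrNameSql = mysql_real_escape_string($usrName);

// Look up the stored row for the logged-in user.
$storedRow = false;
if ($usrName !== '') {
	$result = mysql_query("SELECT * FROM $tbl_name WHERE LogonID='$usrNameSql'");
	if ($result !== false) {
		$storedRow = mysql_fetch_row($result);
	}
}

// Column 1 of the row is what the original code compared against the old password.
// NOTE(review): presumably UserPassword; selecting it by name would be more robust.
// NOTE(review): the password is stored and compared as plaintext. Moving to
// password_hash()/password_verify() needs a data migration and a matching change in
// the login code, neither of which is visible from this file.
$oldPasswordOk = is_array($storedRow)
	&& isset($storedRow[1])
	&& $form['oldPword'] === (string) $storedRow[1];

if ($oldPasswordOk) {
	// Change the password only when a new one was entered.
	if ($form['newPword'] !== '') {
		$newPasswordSql = mysql_real_escape_string($form['newPword']);
		mysql_query("UPDATE AllUsers SET UserPassword = '$newPasswordSql' WHERE LogonID = '$usrNameSql';");
		// Kept for compatibility with whatever reads $_SESSION["pword"] elsewhere.
		// NOTE(review): holding the plaintext password in session storage widens its
		// exposure; drop this once no other page depends on it.
		$_SESSION["pword"] = $form['newPword'];
	}

	if ($usrType === "dealer") {
		$newCoName = mysql_real_escape_string($form['newCoName']);
		$newStreetNum = mysql_real_escape_string($form['newStreetNum']);
		$newStreetName = mysql_real_escape_string($form['newStreetName']);
		$newZipcode = mysql_real_escape_string($form['newZipcode']);
		$newUrl = mysql_real_escape_string($form['newURL']);
		$desc = mysql_real_escape_string($form['description']);

		$sqlUpdateDealer = "UPDATE Dealer SET CompanyName = '$newCoName' , StreetNo = '$newStreetNum' , StreetName = '$newStreetName' , ";
		$sqlUpdateDealer .= "Zipcode = '$newZipcode' , URL = '$newUrl', description = '$desc' WHERE NonAdmins_AllUsers_LogonID = '$usrNameSql';";
		mysql_query($sqlUpdateDealer);
	} elseif ($usrType === "regular") {
		$newName = mysql_real_escape_string($form['newName']);
		mysql_query("UPDATE RegisteredUser SET Name = '$newName' WHERE NonAdmins_AllUsers_LogonID = '$usrNameSql';");
	}

	// Contact details shared by both non-admin account types.
	$newEmail = mysql_real_escape_string($form['newEmail']);
	$newTelephone = mysql_real_escape_string($form['newTelephone']);
	$newCity = mysql_real_escape_string($form['newCity']);
	$newState = mysql_real_escape_string($form['newState']);

	$sqlUpdateNonAdmin = "UPDATE NonAdmins SET Email = '$newEmail' , Telephone = '$newTelephone' , City = '$newCity' , ";
	$sqlUpdateNonAdmin .= "State = '$newState' WHERE AllUsers_LogonID = '$usrNameSql';";
	mysql_query($sqlUpdateNonAdmin);

	header("location:manageAccount.php");
	// Stop here so nothing can run or be emitted after the redirect header.
	exit;
} else {
	// Same response for "not logged in", "no such user" and "wrong password", so the
	// reply does not reveal which check failed.
	echo 'Invalid Input, </br><a class="headerlink" href="editInfo.php">Retry</a>';
}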




